Being involved in bug bounties, don't be fooled by what happened here. This is exactly a case of extortion: the hacker had downloaded user data from Uber, and was paid off in order to delete the files. This differs from an actual bug bounty payout, where a hacker would be disqualified for extracting user information.
Many larger companies have policies surrounding the paying of ransoms for kidnapping. How is paying this "bounty" any different from paying such a ransom?
After reading the article, it certainly sounds like a regular bug bounty case, maybe the reaction was an overreaction.
Keep in mind this article was written by Mike Isaac who has been a thorn in the side of Uber all throughout 2017. I highly, highly doubt after all the anti-Uber articles he's written that he's an Uber schill, someone who is pro-Uber, or someone who would just blindly believe whatever Uber PR told him.
The tone is distinctively even-tempered, which leads me to believe that maybe it should be taken at face value and it wasn't a coverup at all.
no more uber stores pls. kthanks.